Principal Offensive Security Researcher

Who We Are

Oracle’s Software Assurance organization has the mission is to make application security and software assurance, at scale, a reality. We are an inclusive and diverse team of high caliber application security researchers, distributed globally, who thrive on new challenges. We are seeking experienced, hardworking, and dedicated security researchers who have genuine excitement for and interest in security to work on a critical greenfield software assurance project collaboratively with our cloud and mobile engineering teams. You must relish the challenge of assessing large, complex software products. Creativity is highly valued; being able to find novel bugs and stitch them together to create something greater than the sum of their parts is essential in this role.

 

Career Level - IC4

Job Description 
As a member of our team, you will conduct vulnerability research across a wide range of products. Your projects may include anything from exploiting a mobile application, to writing a fuzzer for an undocumented network protocol or a programming language interpreter's grammar, to exploiting web applications, or analyzing and reverse engineering modifications to operating systems. Additional responsibilities include: 
 

• Conducting in-depth vulnerability research
• Scoping and executing security assessments and vulnerability research
• Developing tools to identify vulnerabilities
• Collaborating with engineering teams to triage and resolve security issues
• Mentoring team members in computer and software security, acting as a role model

Level: 
Principal - Excellent at security research as an individual with an ability to lead small teams of 3-5 people 
Senior Principal - Proven experience in leading small teams (4-8 people) and an ability to lead larger teams (5-10 people), Must have experience with executive leadership presentation and communication, authoring documentation and leading programs as the technical advisor. 
Responsibilities 
What You’ll Bring (Must Have) 
 

• A Bachelor's or Master’s degree in Computer Science, Cyber Security, or a related field, or equivalent experience from professional work or self-study
• Relevant experience in offensive security, in various forms
• Experience in vulnerability research and exploit development
• Strong knowledge of vulnerability classes such as stack and heap-based buffer overflows, object lifecycle issues (e.g., UaF, double frees), and logic errors, with practical experience in exploitation techniques
• Understanding of operating systems and assembly languages
• Familiarity with basic exploit mitigations (e.g., stack canaries, DEP, ASLR) and how to bypass them
• Ability to evaluate complex systems for security vulnerabilities
• A strong aptitude for self-study and setting long-term goals (e.g., learning a new programming language)
• Ability to assess and communicate security risks and urgency levels to management and engineering teams
• Excellent organizational, presentation, verbal, and written communication skills, as you will present findings through tickets and reports. Strong writing skills are essential
• Legal authorization to work in Australia without employer sponsorship, now or in the future
• North Ryde Sydney

Nice to Have 
 

• Proficiency in multiple programming languages, such as C/C++, Java, Swift, Objective-C, Go, Python, JavaScript, ARM, and/or x86_64 assembly
• Experience working with large codebases
• Familiarity with advanced exploit mitigations: PAC, CFI, memory tagging and how to bypass them
• Familiarity with common security assessment tools and techniques in areas like:
  • Fuzzing (e.g., libFuzzer)
  • Symbolic execution
  • Debuggers (e.g., gdb, lldb)
  • Mobile application assessment (iOS/Android)
  • Web application assessment (e.g., Working with Burp Suite, REST API testing)
  • Reverse engineering (e.g., IDA Pro, Ghidra, Frida)
  • Exploiting side-channel and fault attacks at the software level (we encourage creative thinking in exploitation, and you’ll have the scope to explore these issues)
• A track record of advancing offensive security research through vulnerability discoveries, publications, or the development of security tools
• Active participation or organization of Capture The Flag (CTF) competitions

Why This Vulnerability Research Role Is Like No Other 
 

• Work with the Best in Cybersecurity: Join a global team of top-tier vulnerability researchers dedicated to identifying and mitigating the most critical vulnerabilities.
• Flexible Hybrid Work: Enjoy the freedom to work hybrid in the office, giving you the flexibility to balance your professional and personal life.
• Innovative Vulnerability Research: Work at the forefront of security, discovering and analyzing vulnerabilities that could impact the future of the world.
• Big Company Resources, Small Team Agility: Benefit from the resources of a leading global organization while working in a nimble, collaborative team environment where you have the autonomy to take ownership of your research and drive real impact.
• Accelerate Your Career in Vulnerability Research: With access to ongoing training, specialized resources, and exposure to a broad range of technologies, you'll have the opportunity to deepen your expertise and contribute to developing advanced security tools and methodologies.
• Career Growth in Cybersecurity: We prioritize your professional development. Whether you want to deepen your technical skills, move into leadership, or expand into other areas of cybersecurity, we provide the mentorship and opportunities to help you achieve your goals.
• Exceptional Benefits & Perks: Enjoy comprehensive health benefits, generous paid time off, and more—ensuring your well-being both inside and outside of work.
• Make a Real Impact: Your research will directly contribute to securing critical systems and data, helping to protect and impact the future of the world by mitigating evolving cyber threats.

Ready to Make an Impact? 
If you’re passionate about uncovering vulnerabilities, pushing the boundaries of cybersecurity, and working on challenging, high-impact projects, we want you on our team. Join us in shaping the future of security through cutting-edge research and innovation. 
Apply Today and bring your expertise to a role where your contributions will drive real change in the cybersecurity landscape. #LI-DNI

As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s problems. True innovation starts with diverse perspectives and various abilities and backgrounds.

When everyone’s voice is heard, we’re inspired to go beyond what’s been done before. It’s why we’re committed to expanding our inclusive workforce that promotes diverse insights and perspectives.

We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer a highly competitive suite of employee benefits designed on the principles of parity and consistency. We put our people first with flexible medical, life insurance and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by calling +1 888 404 2494, option one.

Disclaimer:

Oracle is an Equal Employment Opportunity Employer*. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

* Which includes being a United States Affirmative Action Employer